Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #62140, comment 10


Ignore:
Timestamp:
10/24/2024 02:26:27 PM (7 weeks ago)
Author:
flixos90
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #62140, comment 10

    initial v1  
    55> Wait, how is that so disasterous? I'm looking at the source again and I'm confused.
    66
    7 When `register_block_type_from_metadata()` runs, we check if there's a block metadata collection that encompasses that given file location. For example, if I have a block file `wp-content/plugins/my-plugin/blocks/test/block.json`, a collection with `wp-content/plugins/my-plugin` would match that (good), but so would a collection with `wp-content/plugins` (bad). We wouldn't want to allow someone to tamper with how other plugins' blocks are registered, it could be used to override the block configuration data by other plugins. Other than that, it's also a bit wasteful for performance because ''every'' plugin's blocks would also match that overall `wp-content/plugins` block metadata collection.
     7When `register_block_type_from_metadata()` runs, we check if there's a block metadata collection that encompasses that given file location. For example, if I have a block file `wp-content/plugins/my-plugin/blocks/test/block.json`, a collection with `wp-content/plugins/my-plugin` would match that (good), but so would a collection with `wp-content/plugins` (bad). We wouldn't want to allow someone to tamper with how other plugins' blocks are registered, it could be used to override the block configuration data by other plugins. That might make sense for a project you manage, but it would open up lots of doors for malicious intent to any plugin modifying another plugin's behavior. The risk is greater than the reward for this. Other than that, it's also a bit wasteful for performance because ''every'' plugin's blocks would also match that overall `wp-content/plugins` block metadata collection.
    88
    99Last but not least, there's efforts like #62267, which would make it even more problematic if it was possible to register block metadata collections for those root directories.